CVE-2014-8131

CWE-2648 documents7 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 40.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt

Timeline

PublishedJan 6

Latest updateMay 17

Description

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶Debianlibvirt< 1.2.9-7+3

▶NVDredhat/libvirt1.2.10

🔴Vulnerability Details

GHSA

GHSA-7rwv-h43r-x9q6: The qemu implementation of virConnectGetAllDomainStats in libvirt before 1↗2022-05-17

▶

OSV

CVE-2014-8131: The qemu implementation of virConnectGetAllDomainStats in libvirt before 1↗2015-01-06

▶

CVEList

CVE-2014-8131: The qemu implementation of virConnectGetAllDomainStats in libvirt before 1↗2015-01-06

▶

📋Vendor Advisories

Red Hat

libvirt: deadlock and segfault in qemuConnectGetAllDomainStats↗2014-12-05

▶

Debian

CVE-2014-8131: libvirt - The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 ...↗2014

▶

💬Community

Bugzilla

CVE-2014-8131 libvirt: deadlock and segfault in qemuConnectGetAllDomainStats [fedora-all]↗2014-12-10

▶

Bugzilla

CVE-2014-8131 libvirt: deadlock and segfault in qemuConnectGetAllDomainStats↗2014-12-10

▶